Banish your daemons!

Posted at 10:37am on Tuesday February 3rd 2009

In depth: A daemon is a task that runs in the background, and there's a small army of them that are started when you fire up your machine. There are daemons for controlling automated tasks, daemons for managing power and CPU use, daemons for printing and daemons for writing the system logs. Some denote their status by ending with the letter 'd', while others prefer the anonymity of names like 'binfmpt-support' or 'brltty'.

Daemons are obviously an important part of the running environment. But there's also a slight problem: without any divine inspiration, the average Linux distribution can't accurately guess which daemons are going to be of use to you, and which aren't. The result is that they'll normally play it safe and err on the side of caution.

This means that your desktop may include a laptop power management daemon, or Bluetooth tools, neither of which may be of great use. These will still get loaded up and use valuable memory, so you can save boot time and memory by spending a little time pruning your daemons, and fitting them to your own requirements. The trick is knowing which ones to cut...

Services are what most people think of when they consider daemons. They're often started at boot time and run silently in the background - but they don't necessarily need to be lightweight system management processes. There's no reason why complete application suites can't be considered daemons.

Which services are and aren't running is entirely dependent on your distribution and what you're using your distribution for. If you're using a distribution that's suitable for a server environment, it's likely that the Apache web server, along with its school of helper applications, is running as a daemon.

That's a major resource hog if you don't happen to require a web server, and it wasn't so long ago that distributions like Mandriva installed and ran a web s erver by default. This is unlikely to happen in these frugal times, but there's probably still going to be something you don't need running in the background.

List the possible offenders

There are many ways of listing which services are running, but one of the clearest ways to do so is to use a command line tool called chkconfig. You might need to install this manually through your package manager, but when it's run from the command line, it creates a list of running services and outputs these to the terminal. Running the command on a default Ubuntu installation gave us 93 separate tasks, whereas running the same command on OpenSUSE 11 gave us 83 tasks. The first thing you might notice is that it's difficult to define exactly what each service is responsible for. Here's a cutting from the top of the chkconfig output on our Ubuntu machine:

acpi-support 2345
acpid 2345
alsa-utils off
anacron 2345
apmd on

For all the advantages of the GUI service management tool, nothing can beat the clarity of using chkconfig on the command line.

The service names are listed on the left, while to the right of each is a description of that service's runlevel. Linux, and Unix before it, uses different runlevels to run different services. For example, runlevel 1 is typically used as a single-user system maintenance mode. This might mean there are no network services, and there certainly won't be a graphical desktop.

In the above example output, you can see that the anacron daemon, which handles running tasks at a specific time, will only be running when the system is booted into runlevels 2, 3, 4 and 5. The problem with runlevels is that there's no particular standard across distributions. The only levels common to all distributions are 1 and 6, which are used to halt and reboot the machine respectively. Runlevel 3 in Gentoo is the full multi-user environment with a desktop. That's runlevel 4 in Slackware and runlevel 5 in Ubuntu, Fedora and OpenSUSE.

If you ever want to switch to another runlevel while from within your current session, use the telinit command, followed by the number of the level you want to switch to. It's a good idea to try runlevel 3, for example, as with most distributions this will give you a good idea of the potential speed and memory improvements you can expect after you've gone to the trouble of pruning the services from your system you don't require. That means that you can't assume that our instructions for removing services from one runlevel are necessarily going to apply to your chosen distribution.

The Ubuntu services configuration window offers a lot of tasks that can safely be removed if you can live without them.

Daemon Hill

But before we can get stuck into editing which services we can safely remove, we need to make sure we can get back the default working configuration.

Fortunately, chckconfig can also be used to save the current configuration of services as well as checking those running and their runlevels. Just type chkconfig -A >services.save. This will pipe the output from the chkconfig command into a file called services.save, and if you look at this file in a text editor you'll see that it contains exactly the same output as the standard command.

This makes it a great solution if you can't remember exactly what services were running when you started tinkering with your system, because you can just load up the file and take a look. And as you might expect, you can use chkconfig to start and stop services, as wel l as changing the runlevels they're associated with.

The command chkconfig sshd off would stop the SSH server daemon, for example, while typing chkconfig sshd --level 23 off would ensure that SSH wouldn't be running when the system boots into levels three and four.

These changes are only made after a system reboot - even if you're just turning a service off. But the best thing about chkconfig is that when you've successfully managed to mess up your services installation, you can pipe the contents of that file back into chkconfig to restore the same services configuration out of the desolate wastes of a broken installation. You just need to type chkconfig -s <services.save.

While chkconfig is a clear and quick way to view your daemons and save their configuration state, we wouldn't recommend its use for enabling and disabling them. There are graphical tools that are much better suited to the task. Ubuntu even includes a basic services editing window that can be opened from the System > Administration menu. But we'd recommend a tool called the Boot- Up Manager (it really is called 'bum' for short).

There are Ubuntu packages, and it's what Yast uses on OpenSUSE for enabling and disabling services. Just look for System Services in the Services section. In Export mode, the Boot-Up Manager lists all the possible daemons on your system, including those that aren't currently running, and enables you to select when each daemon runs and at what runlevel.

This leaves us prepared for the next step - finding out what the various services do, and which are safe to remove. As we've discussed, the number and type of services running are dependent on the distribution you're using. Some have more while some have fewer (Ubuntu), but we'll cover the most likely candidates for removal on most Linux distributions. You should try to disable one at a time, and make sure there aren't any ill effects from the change.

Boot-up Manager is the best way we've found to configure which services are started at boot time. If you prefer the command line, you could try reconf.

Cron, Anacron and atd

Likelihood that you'll miss it: 3/5

If you've ever used Cron to schedule the execution of a particular task at a specific time, you'll know exactly what the Cron daemon is responsible for. It patiently waits in the background for the correct date and time, before dutifully executing the command held in its configuration files. You can check exactly what Cron is getting up to by looking at the contents of /etc/crontab, and if you're happy to exclude those tasks from your system, you can safely disable Cron. A close cousin to Cron is called Anacron. This can be found running on Ubuntu, but not on OpenSUSE 11. The difference between Cron and Anacron is that Anacron ensures tasks are run even when the system isn't running. It will make sure a backup scheduled for the night before will be run when the machine is turned on. For this reason, Anacron is more likely to be used for system tasks. In a similar vein, you'll find the atd daemon, which controls the scheduling of tasks executed with the at command. This would normally be a non-recurring command that needs to be run at a specific time.

AppArmor

Likelihood that you'll miss it: 3/5

Both OpenSUSE and Ubuntu use AppArmor to beef up security. It stops one compromised tool being able to wreak havoc on the rest of the system. That's definitely a good thing, but if you can be sure that your system is not going to be compromised or at risk because it's not on a network, running AppArmor makes very little sense and you should disable the daemon. Otherwise, we'd recommend you keep it running. To get the most performance boost, you should also recompile your kernel to remove AppArmor fully

Apport

Likelihood that you'll miss it: 2/5

This is the background crash-reporting service in Ubuntu. You've probably seen it in action when an application crashes, as it's apport that's responsible for the window that appears explaining what's happened, and asks whether you'd like to report the fault to the Ubuntu team. It's a very useful tool for the Ubuntu developers, because it enabled them to get reports from a massive install base where their distribution is being used in all kinds of environments. Apport doesn't have an immediate effect on the user, but if everyone disables it, the rate at which developers add bugfixes and stability improvements may slow down.

Avahi-daemon

Likelihood that you'll miss it: 1/5

Avahi provides automatic discovery of various network services. In theory, it should be a great help for laptop users, as Avahi should simplify the detection of services like printing or file sharing - except that this rarely seems to happen. And it's going to be even less useful for desktop users, as they're even less likely to change their network regularly enough to reap the benefits.

Bluetooth

Likelihood that you'll miss it: 1/5

If your computer isn't equipped with a Bluetooth device, then you don't need to run the bluetooth daemon. Its only job is to wait for remote Bluetooth devices to connect, and pass on those connections to any Bluetooth management utilities that might be running, such as those provided by both Gnome and KDE. While Bluetooth hardware is commonly found on portable devices and laptops, there are relatively few desktop machines with this ability. For this reason, deciding whether to leave this daemon running or disabling it should be easy.

CUPS

Likelihood that you'll miss it: 2/5

CUPS is the printing daemon. It's responsible for picking up print jobs from the various applications you use and sending them to your printer. This obviously means that if you don't have a printer, you don't need to run CUPS.

GPM

Likelihood that you'll miss it: 1/5

All this daemon does is add mouse support for the pure console view. If you run a desktop, you're hardly ever going to need this facility. The only times you might need it is when you need to run your system at a lower runlevel, in which case it might make sense to enable it for runlevels 1 and 2, and not for 3 and 4.

KLogd

Likelihood that you'll miss it: 3/5

KLog is the process that creates your system logs. These are an essential part of any system, especially if your machine acts as some kind of server. But then you have to ask yourself when the last time you took a looked at those log files was. If the answer is 'never', you won't lose anything by disabling this daemon.

NTP

Likelihood that you'll miss it: 4/5

The Network Time Protocol will sync your local clock with the date and time on a couple of remote machines. It's a great way to keep your local time exactly right, and NTP will auto matically update your machine for daylight savings time.

Powersaved, Powernowd and Laptop-mode

Likelihood that you'll miss it: 4/5

These daemons are responsible for reducing the clock speed of your CPU when it's not being used. This is useful for laptop owners to get better battery life from their machines. But if you're after maximum performance, these aren't necessary, especially if your CPU doesn't support the stepping functionality. The laptop-mode daemon makes similar adjustments to the hard drive and can also lengthen the battery life of a laptop by setting the spin-down time to a longer duration, for example. If this functionality doesn't concern you, you can disable it.

Keep an eye on your system monitor - it's the only way you'll be able to tell if there's any advantage from disabling services.

Background processes

Services aren't the only anonymous tasks running on your system. Just type ps aux to see a list of running processes, or use the System Monitor tool for your desktop.

You'll see the usual suspects running as daemons with root ownership, and the number of processes running might surprise you. There are tasks that have started as your desktop launches, many of which will be a part of the desktop itself. Our standard Ubuntu installation running Gnome showed 36 such processes running, whereas OpenSUSE with the same desktop had 33.

Many of these processes handle things like the Gnome desktop, audio and the Nautilus file manager, but many others should be optional. For example, why would the GPhoto volume monitor need to run if you don't use GPhoto? A quick check on Mandriva reveals 38 similar processes, and while most are in a sleep state, they're still consuming memory. That might not be so important for the average user with 2GB of RAM, but if you try to install Ubuntu or OpenSUSE on an older machine, it could make all the difference.

One option is to kill those processes using either the System Monitor or the kill command. But Gnome has an excellent Session Manager, and this can be used to specify which processes you wa nt to launch when you log in. If you break something, you can always re-enable the task and try again. Another option might be to replace the process with something more efficient or even more functional. Ubuntu's default search tool, Tracker, is slow at building an index, and its search results aren't always the best.

Beagle, on the other hand, is a drop-in replacement for Tracker. It performs a better job, and takes more memory, but it's also more useful (which is probably why it's used by OpenSUSE 11). And that's the whole point of exorcising your daemons - to get rid of the stuff that you don't use so there's more space on your system for the stuff you do.